|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 28, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We employ a defense-in-depth approach for our cybersecurity program, with policies, systems, and processes designed to oversee, identify, prevent, and reduce the potential impact of a cybersecurity threat against us or a third-party vendor or service provider. These policies, systems and processes include but are not limited to: Multi-factor Authentication, Privileged Account Management, Endpoint, Email and Cloud Security platforms, immutable backups, vulnerability scanning, third-party risk assessments, and other applicable controls.
Driven Brands’ risk management program for information security and cybersecurity aims to protect the confidentiality, integrity, and availability of our information assets. It is designed using people, processes, technologies, and capabilities, such as monitoring, alerting, scanning, testing, tabletop exercises, trainings, and assessments, to identify risks from cybersecurity threats, system vulnerabilities, or third-party service providers and vendors.
The Company’s cybersecurity programs are updated regularly to align with emerging technical threats, such as those introduced through threat actors’ adoption of AI, changes in regulatory requirements, and industry best practices. In addition to our internal cybersecurity capabilities, we also engage consultants and other third-party service providers where appropriate to inform our understanding of cybersecurity risks and enable risk-based measures to defend against cybersecurity threats.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Driven Brands’ risk management program for information security and cybersecurity aims to protect the confidentiality, integrity, and availability of our information assets. It is designed using people, processes, technologies, and capabilities, such as monitoring, alerting, scanning, testing, tabletop exercises, trainings, and assessments, to identify risks from cybersecurity threats, system vulnerabilities, or third-party service providers and vendors.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board of Directors, in coordination with its Audit Committee, oversees the Company’s enterprise risk management process, including the management of risks arising from cybersecurity threats. Both the Board of Directors and the Audit Committee periodically review the measures we have implemented to identify and mitigate data protection and cybersecurity risks.
The Audit Committee, as part of the governance and oversight of company risk management, also periodically receives reports and presentations from the CISO regarding the Company’s cybersecurity risk management. The Board receives reports of Audit Committee discussions regarding its oversight of cybersecurity risk. We have protocols by which certain cybersecurity incidents that meet established reporting thresholds are escalated within the Company and, where appropriate, are reported to the Board and/or Audit Committee.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our CISO, in consultation with senior leadership and the Board of Directors, sets the strategic direction of our cybersecurity program across the Company and is responsible for implementing, monitoring, and maintaining it. The cybersecurity program includes processes related to the prevention, detection, mitigation, and remediation of cybersecurity threats. Our CISO is supported by a Cybersecurity Team of enterprise information system security and risk professionals.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Audit Committee, as part of the governance and oversight of company risk management, also periodically receives reports and presentations from the CISO regarding the Company’s cybersecurity risk management. The Board receives reports of Audit Committee discussions regarding its oversight of cybersecurity risk. We have protocols by which certain cybersecurity incidents that meet established reporting thresholds are escalated within the Company and, where appropriate, are reported to the Board and/or Audit Committee.
|Cybersecurity Risk Role of Management [Text Block]
|
Management’s Role in Cybersecurity Risk Management
At the management level, our cybersecurity team is led by our Chief Information Security Officer (“CISO”), a certified information systems security professional with decades of experience in both the public and private sectors, who has led cybersecurity teams at large organizations and held leadership roles in information security and cybersecurity industry groups.
Our CISO, in consultation with senior leadership and the Board of Directors, sets the strategic direction of our cybersecurity program across the Company and is responsible for implementing, monitoring, and maintaining it. The cybersecurity program includes processes related to the prevention, detection, mitigation, and remediation of cybersecurity threats. Our CISO is supported by a Cybersecurity Team of enterprise information system security and risk professionals. OurCISO receives periodic reports on cybersecurity threats and regularly reviews risk management measures implemented by the Company to identify and mitigate cybersecurity risks.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|At the management level, our cybersecurity team is led by our Chief Information Security Officer (“CISO”), a certified information systems security professional with decades of experience in both the public and private sectors, who has led cybersecurity teams at large organizations and held leadership roles in information security and cybersecurity industry groups.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|At the management level, our cybersecurity team is led by our Chief Information Security Officer (“CISO”), a certified information systems security professional with decades of experience in both the public and private sectors, who has led cybersecurity teams at large organizations and held leadership roles in information security and cybersecurity industry groups.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Audit Committee, as part of the governance and oversight of company risk management, also periodically receives reports and presentations from the CISO regarding the Company’s cybersecurity risk management. The Board receives reports of Audit Committee discussions regarding its oversight of cybersecurity risk.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef